CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

Build your knowledge to pass the CCSP exam with expert guidance

Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781838987664
Length 560 pages
Edition 1st Edition
Authors (2): Omar A. Turner, Ms. Navya Lakshmana

Table of Contents (27 chapters)

Preface
Chapter 1: Core Cloud Concepts
Chapter 2: Cloud Reference Architecture
Chapter 3: Top Threats and Essential Cloud Security Concepts and Controls
Chapter 4: Design Principles for Secure Cloud Computing
Chapter 5: How to Evaluate Your Cloud Service Provider
Chapter 6: Cloud Data Security Concepts and Architectures
Chapter 7: Data Governance Essentials
Chapter 8: Essential Infrastructure and Platform Components for a Secure Data Center
Chapter 9: Analyzing Risks
Chapter 10: Security Control Implementation
Chapter 11: Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery
Chapter 12: Application Security
Chapter 13: Secure Software Development Life Cycle
Chapter 14: Assurance, Validation, and Verification in Security
Chapter 15: Application-Centric Cloud Architecture
Chapter 16: IAM Design
Chapter 17: Cloud Physical and Logical Infrastructure (Operationalization and Maintenance)
Chapter 18: International Operational Controls and Standards
Chapter 19: Digital Forensics
Chapter 20: Managing Communications
Chapter 21: Security Operations Center Management
Chapter 22: Legal Challenges and the Cloud
Chapter 23: Privacy and the Cloud
Chapter 24: Cloud Audit Processes and Methodologies
Chapter 25: Accessing the Online Practice Resources
Other Books You May Enjoy

What This Book Covers

Chapter 1, Core Cloud Concepts, introduces the most relevant cloud computing characteristics and concepts with regard to cloud service models, cloud deployment models, and the different types of stakeholders in cloud computing.

Chapter 2, Cloud Reference Architecture, covers the cloud reference architecture, cloud service models, cloud deployment models, and cloud capabilities. We will also introduce the shared considerations for cloud deployments and the impact of new and emerging technologies on the evolution of cloud computing.

Chapter 3, Top Threats and Essential Cloud Security Concepts and Controls, describes the common threats to cloud deployments and attack vectors. We will introduce the control frameworks and control types necessary to secure data, network, and virtualization layers for cloud computing.

Chapter 4, Design Principles for Secure Cloud Computing, focuses on the service model security considerations.

Chapter 5, How to Evaluate Your Cloud Service Provider, discusses how to review and understand key cloud service contractual documents from the perspective of cloud service consumers. We will provide the best practices on how to evaluate your CSP based on a set of criteria.

Chapter 6, Cloud Data Security Concepts and Architectures, describes cloud data concepts, cloud data storage architectures, data security, data classification, and cloud data security technologies. We will review the stages of the cloud data life cycle in cloud environments, from creation to safe destruction practices.

Chapter 7, Data Governance Essentials, reviews the most important concepts of governance oversight for data life cycle phases in the cloud environment. We will introduce the concepts of Information Rights Management (IRM) and best practices for auditability, traceability, and accountability when it comes to data use in cloud environments.

Chapter 8, Essential Infrastructure and Platform Components for a Secure Data Center, reviews key cloud infrastructure and platform components and the best practices for the secure design of the logical, physical, and environmental components of a modern data center.

Chapter 9, Analyzing Risks, identifies the top risks to the physical, logical, and virtual environments as a cloud consumer and provider. We will discuss how to analyze, assess, and address the risk with safeguards and countermeasures.

Chapter 10, Security Control Implementation, provides an overview of the key concepts of the selection, planning, and implementation of security controls in cloud environments.

Chapter 11, Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery, discusses how organizations are preparing to withstand disasters and business disruptions to be able to continue the delivery of products and services within acceptable time frames.

Chapter 12, Application Security, reviews development basics, the challenges organizations face, and the common cloud vulnerabilities for web applications.

Chapter 13, Secure Software Development Life Cycle, is dedicated to educating you on the Secure Software Development Life Cycle (S-SDLC), including coverage of topics such as defining requirements, what methodology to use to apply the S-SDLC, threat modeling, and secure coding.

Chapter 14, Assurance, Validation, and Verification in Security, describes key processes as they relate to functional testing, profiling security testing methodologies, QA, and other solutions.

Chapter 15, Application-Centric Cloud Architecture, reviews the important specifics of traditional cloud application architecture, with a focus on essential security components such as WAF, DAM, API gateways, cryptography, sandboxing, and securing virtualized applications.

Chapter 16, IAM Design, focuses on Identity and Access Management (IAM) solutions, which are critical elements of securing organizations. This chapter covers identity providers, federated identities, secrets management, and other important IAM solutions.

Chapter 17, Cloud Physical and Logical Infrastructure (Operationalization and Maintenance), reviews the key physical and logical infrastructure configuration requirements for cloud environments. We will also provide an overview of the most common configurations and controls for operational and maintenance activities for physical and logical infrastructures.

Chapter 18, International Operational Controls and Standards, reviews the leading industry standards for Information Technology Service Management (ITSM).

Chapter 19, Digital Forensics, discusses forensic data collection methodologies, evidence management, and other key concepts for the collection, acquisition, and preservation of digital evidence.

Chapter 20, Managing Communications, covers the best practices for the communication channels and procedures that need to be set up if an organization intends to be resilient against impacts of all types. We will review the most common communication channels with vendors, customers, regulators, partners, and other stakeholders.

Chapter 21, Security Operations Center Management, covers the best practices for establishing the primary requirements of a security operations center and how they are informed by the business mission, regulatory and legal requirements, and service offerings. We will review a wide range of tools related to monitoring and logging that are necessary for effective security operations center management.

Chapter 22, Legal Challenges and the Cloud, discusses compliance with legal and contractual requirements. The chapter covers in detail the policies, standards, guidelines, baselines, and procedures that frame decision-making, as well as the roles that delineate authority levels (e.g., shareholders, stakeholders, senior management, service consumers, and service providers).

Chapter 23, Privacy and the Cloud, discusses privacy regulations and country-specific legislation related to PII and PHI. We will review key jurisdictional differences in data privacy.

Chapter 24, Cloud Audit Processes and Methodologies, reviews the most common ways to conduct audits of IT systems, covering the audit process, the methodologies, and the required adaptations for a cloud environment.
